<?php


class m_security
{
	
	private $passwdSalt1  = "%*4!#$;\.k~'(_@";
	private $passwdSalt2 = "+[a?-:+Z\$tM>3-V";

/*------------------------------------------------------------------------------------------------------*/	
	/**
	 * Devuelve el salt seleccionado 1-2
	 * 
	 * @param mixed $id
	 * @return void
	 */
	public function getSalt($id){
		return $this->passwdSalt.$id;
	}
/*------------------------------------------------------------------------------------------------------*/	
	
	/**
     * Genera una clave.Funcion($longitud, $fuerza(de 0 a 8)).El parametro $fuerza va con saltos de 1 2 4 y 8
     *
     * @return string
     * @author MadPitbull 
     */
    public function generarPassword($longitud = 9, $fuerza = 0){

        $vocales = 'aeuy';
        $consonantes = 'bdghjmnpqrstvz';
        if ($fuerza >= 1) {
            $consonantes .= 'BDGHJLMNPQRSTVWXZ';
        }
        if ($fuerza >= 2) {
            $vocales .= "AEUY";
        }
        if ($fuerza >= 4) {
            $consonantes .= '23456789';
        }
        if ($fuerza >= 8) {
            $vocales .= '@#$%';
        }

        $password = '';
        $alt = time() % 2;
        for ($i = 0; $i < $longitud; $i++) {
            if ($alt == 1) {
                $password .= $consonantes[(rand() % strlen($consonantes))];
                $alt = 0;
            } else {
                $password .= $vocales[(rand() % strlen($vocales))];
                $alt = 1;
            }
        }
        return $password;
    } 
/*------------------------------------------------------------------------------------------------------*/	

    /**
     * Filtra la cadena introducida ante ataques XSS
     *
     * @return string
     * @author MadPitbull 
     */
    public function sanitizeXSS($string)
    {
        $secureString = str_replace('"', "&#34;",  $string);
        $secureString = str_replace("'", "&#39;",  $secureString);
        $secureString = str_replace("-", "&#45;",  $secureString);
        $secureString = str_replace("+", "&#43;",  $secureString);
        $secureString = str_replace(",", "&#44;",  $secureString);
        $secureString = str_replace(".", "&#46;",  $secureString);
        $secureString = str_replace("*", "&#42;",  $secureString);
        $secureString = str_replace("<", "&#60;",  $secureString);
        $secureString = str_replace(">", "&#62;",  $secureString);
        $secureString = str_replace(":", "&#58;",  $secureString);
        $secureString = str_replace("%", "&#37;",  $secureString);
        $secureString = str_replace("\$", "&#36;", $secureString);
        $secureString = str_replace("=", "&#61;",  $secureString);
        $secureString = str_replace("?", "&#63;",  $secureString);
        $secureString = str_replace("(", "&#40;",  $secureString);
        $secureString = str_replace(")", "&#41;",  $secureString);
        $secureString = str_replace("/", "&#47;",  $secureString);
        $secureString = str_replace("{", "&#123;", $secureString);
        $secureString = str_replace("}", "&#125;", $secureString);
        $secureString = str_replace("\\", "&#92;", $secureString);

        return htmlspecialchars($secureString);
    }

/*------------------------------------------------------------------------------------------------------*/	
    /**
     * Filtra la cadena introducida ante ataques SQL Injection
     *
     * @return string
     * @author MadPitbull 
     */
    public function sanitizeSQLi($sqlString){
		$dirtyChars= array("\"", "\\", "/", "*", "'", "=", "-", "#", ";", "<", ">", "+", "%");
		$sqlSanitized = str_replace($dirtyChars, "", $sqlSanitized);
		
		return mysql_real_escape_string($sqlSanitized);

    }
    
/*------------------------------------------------------------------------------------------------------*/	    
	
	/**
	 * Devuelve el Hash de la cadena pasada como argumento
	 * 
	 * @return void
	 */
	public function getHashFromPassword($string, $saltId){
    	$salt = $this->getSalt($saltId);
    	
    	$hash = md5($salt."-".$string."-".$salt.'$'.uniqid(rand(), true));
    	return $hash;
    }
/*------------------------------------------------------------------------------------------------------*/	
	
}
?>
